Network Security and Cryptography
2 September 2015
Marking Scheme

This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions, and there will frequently be alternative responses which will provide a valid answer. Markers are advised that, unless a question specifies that an answer be provided in a particular form, then an answer that is correct (factually or in practical terms) must be given the available marks. If there is doubt as to the correctness of an answer, the relevant NCC Education materials should be the first authority. Throughout the marking, please credit any valid alternative point. Where markers award half marks in any part of a question, they should ensure that the total mark recorded for the question is rounded up to a whole mark.
Answer ALL questions

Question 1

a) Briefly describe the FIVE (5) elements of a symmetric encryption system. (5 marks)
Award 1 mark for each bullet point up to a maximum of 5 marks:
- Plaintext: the actual message in normal, readable format
- Encryption algorithm: the mathematical method used to encrypt the message
- Secret key: a sequence of bits used in the encryption process
- Ciphertext: the encrypted text
- Decryption algorithm: the reverse mathematical process to decrypt the message

b) Explain what is meant by a brute force attack and state TWO (2) problems an attacker faces in using a brute force attack on an encrypted message. (3 marks)
Award 1 mark for each point up to a maximum of 3 marks:
- A brute force attack tries every possible key until a correct translation of the encrypted text into plaintext is obtained
- The main problem is the time required to do this
- On average an attacker must try half of all possible keys before successfully translating a ciphertext

c) Outline TWO (2) ways in which an encryption system may be deemed to be computationally secure. (2 marks)
Award 1 mark for each bullet point up to a maximum of 2 marks:
- The cost of breaking the scheme exceeds the value of the encrypted information
- The time required to break the scheme is longer than the lifetime of the information

Total: 10
Page 2 of 14
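The brute force points in Question 1(b) are easier to see with a measured number. The following Python program is an added illustration, not part of the marking scheme: it uses a constructed toy cipher (a repeating two-byte XOR, so the key space is 2^16) and a crib that lets the search recognise a correct translation, then counts how many keys have to be tried before the right one turns up. Over many random keys the count averages out to half the key space, which is the "time required" problem in the answer key; the function `expected_trials` extends the same arithmetic to any key length.

```python
from __future__ import annotations

import random

# Toy cipher for demonstration only (constructed, not from the marking scheme):
# every plaintext byte is XORed with one of two key bytes, so there are 2^16 keys.
KEY_BITS = 16
KEY_SPACE = 1 << KEY_BITS


def toy_encrypt(plaintext: bytes, key: int) -> bytes:
    """Encrypt with a repeating 2-byte XOR key; XOR is its own inverse."""
    key_bytes = key.to_bytes(2, "big")
    return bytes(b ^ key_bytes[i & 1] for i, b in enumerate(plaintext))


toy_decrypt = toy_encrypt


def brute_force(ciphertext: bytes, crib: bytes) -> tuple[int | None, int]:
    """Try every key in turn until the trial decryption starts with the crib.

    The crib stands in for whatever lets the attacker recognise a correct
    translation (a known header, readable text, ...). Returns the key that
    worked (or None) together with how many keys were tried.
    """
    prefix = ciphertext[: len(crib)]
    for trials, key in enumerate(range(KEY_SPACE), start=1):
        if toy_decrypt(prefix, key) == crib:
            return key, trials
    return None, KEY_SPACE


def average_trials(samples: int, seed: int, crib: bytes = b"Dear ") -> float:
    """Average number of keys tried over `samples` random keys (seeded so runs repeat)."""
    rng = random.Random(seed)
    message = crib + b"Alice, the meeting is at noon."  # constructed sample plaintext
    total = 0
    for _ in range(samples):
        key = rng.randrange(KEY_SPACE)
        found, trials = brute_force(toy_encrypt(message, key), crib)
        assert found == key  # the crib pins both key bytes, so the true key is found
        total += trials
    return total / samples


def expected_trials(key_bits: int) -> int:
    """Keys an attacker must try on average: half of the 2^key_bits key space."""
    return (1 << key_bits) // 2


if __name__ == "__main__":
    avg = average_trials(samples=40, seed=7)
    print(f"16-bit key: average {avg:.0f} trials, expected {expected_trials(16)}")
    print(f"128-bit key: expected {expected_trials(128)} trials")
```

The 16-bit search finishes in a few seconds on a laptop; `expected_trials(128)` shows why the same approach is hopeless against a modern key length, which is the "computationally secure" argument of part (c).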
Question 2

a) Briefly describe FOUR (4) features of public key infrastructure. (4 marks)
Award 1 mark for each bullet point up to a maximum of 4 marks:
- PKI uses a mathematical technique that involves a pair of keys
- One cryptographic key is public and one is private
- Can verify the identity of a message sender (through signing)
- Ensures privacy (through encryption of data)
- Private/public keys are related but cannot be derived from one another
Note: Credit answers which refer to Certificate Authority and Digital Certification.

b) Explain how public key encryption is performed. (3 marks)
Award 1 mark for each bullet point up to a maximum of 3 marks:
- The data is encrypted using a secret key algorithm (symmetric cryptography)
- A random session key is generated and used with a symmetric algorithm to encrypt the data
- The public key is then used to encrypt that session key, and both are sent securely to the recipient

c) Briefly discuss how public key decryption is performed. (3 marks)
Award 1 mark for each point up to a maximum of 3 marks:
- If the private key can decrypt the data, the user is certain that the data is meant for him/her but cannot identify the originator
- The private key decrypts the session key
- The decrypted session key is used to decrypt the actual data

Total: 10
Question 3

a) Produce a diagram to show how the TCP/IP model used over the Internet relates to the OSI 7 layer model for open networks. (4 marks)
Award 1 mark for each layer in the TCP/IP stack in the correct position up to a maximum of 4 marks. The TCP/IP layers, from the bottom of the stack upwards, are:
- Host-to-Network
- Internet
- Transport
- Application

b) Produce a table to demonstrate how Transport Layer Security (TLS) fits with other common Internet protocols in a protocol stack. Your table should be illustrated by showing named protocols. (4 marks)
Award 1 mark for each layer in the protocol stack in the correct position up to a maximum of 4 marks:

    +-------------------------+
    | HTTP, FTP, SMTP, etc.   |
    +-------------------------+
    | TLS                     |
    +-------------------------+
    | TCP                     |
    +-------------------------+
    | IP                      |
    +-------------------------+
c) TLS is typically implemented as Secure Sockets Layer (SSL). What is an SSL connection? (2 marks)
Award 1 mark for each bullet point up to a maximum of 2 marks:
- SSL connections are peer-to-peer relationships
- These SSL connections are transient: they only last for a certain length of time, and each connection is associated with a session

Total: 10

Question 4

a) State THREE (3) uses of cryptographic methods in email messaging. (3 marks)
Award 1 mark for each bullet point up to a maximum of 3 marks:
- To sign an email message to ensure its integrity and confirm the identity of its sender
- To encrypt the body of an email message to ensure its confidentiality
- To encrypt the communications between mail servers to protect the confidentiality of both the message body and the message header

b) Explain how the OpenPGP protocol is used to encrypt an email message. (7 marks)
Award 1 mark for each point up to a maximum of 7 marks:
- The plaintext message is compressed
- A random session key is created
- A digital signature is generated for the message using the sender's private key and then added to the message
- The message and signature are encrypted using the session key and a symmetric algorithm
- The session key is encrypted using the recipient's public key and added to the encrypted message
- The encrypted message is sent to the recipient
- The recipient reverses these steps

Total: 10
Question 5

a) Identify FOUR (4) tasks involved in network vulnerability management. (4 marks)
Award 1 mark for each bullet point up to a maximum of 4 marks:
- Prioritising vulnerabilities: determining those that are most critical for the network
- Fixing vulnerabilities: removing avenues for attack
- Reducing the effects of potential breaches: developing systems that will minimize downtime, financial loss, etc. should a breach occur
- Monitoring for new/unknown vulnerabilities: ensuring that new attack signatures are identified and defences are updated as new vulnerabilities are discovered

b) What is a port scanner? (1 mark)
A port scanner is software that probes a network for open ports.

c) Outline FIVE (5) features of a port scanner. Your answer should refer to how a port scanner is used and how it works. (5 marks)
Award 1 mark for each bullet point up to a maximum of 5 marks:
- It is used by network administrators to test the network
- It is used by attackers to look for vulnerabilities
- The TCP/IP protocol suite has services being supplied by a host through a port
- There are 65536 different port numbers available and most services use only a very limited number of ports, so these can be tested for legitimate use
- The scan can determine whether each port is open, filtered or closed
- Port scanners detect UDP ports

Total: 10
Question 6

a) With the use of a diagram, explain how a firewall is used to create a Demilitarised Zone (DMZ). (7 marks)
The maximum number of marks awarded to this question is 7.
Award 1 mark for each of the key features up to a maximum of 4 marks:
- Internet/public network
- Correctly positioned firewall
- Networked computers
- Separate server or subnetwork
Award 1 mark for each bullet point up to a maximum of 3 marks:
- Traffic moving between the network on the protected side of the firewall and the Internet goes through the firewall
- Traffic between the DMZ and the wider internal network also goes through the firewall and has protection policies applied
- It is common to put public-facing servers such as email servers in the DMZ
Note: Credit valid alternative diagrams that label the DMZ and internal network.
b) With the use of a diagram, briefly describe how a screened subnet DMZ differs from a standard DMZ. (3 marks)
The maximum number of marks awarded to this question is 3.
Award 2 marks for a suitable diagram.
Award 1 mark for describing the difference:
- Traffic from the DMZ to the trusted network must go through a bastion host and packet filtering routers as an extra level of security

Total: 10
Question 7

a) Briefly describe FOUR (4) key functions of a Virtual Private Network (VPN). (4 marks)
Award 1 mark for each bullet point up to a maximum of 4 marks:
- Authentication: validates that the data was sent from the sender
- Access control: preventing unauthorized users from accessing the network
- Confidentiality: preventing the data from being read or copied as the data is being transported
- Data integrity: ensuring that the data has not been altered

b) Explain the operation of the Remote Framebuffer Protocol (RFB). (6 marks)
Award 1 mark for each bullet point up to a maximum of 6 marks:
- RFB sends simple graphic messages to the client and input actions to the server
- It sends information regarding rectangles of the screen display
- The colour information of the rectangles for display is transmitted as a framebuffer
- It includes compression techniques and security features
- The client uses port 5900 for server access
- The server may connect in listening mode on port 5500

Total: 10
Question 8

a) Describe THREE (3) characteristics of a wireless network that present a set of security issues that are not usually present in wired networks. (3 marks)
Award 1 mark for each bullet point up to a maximum of 3 marks:
- Wireless networks are essentially broadcast networks between access points and devices
- Ease of spoofing/man-in-the-middle attacks
- The boundary of a wireless network is limited only by signal strength
- A wireless signal can usually be received outside of the building in which the network is based

b) State the THREE (3) functions of a Remote Authentication Dial In User Service (RADIUS) server. (3 marks)
Award 1 mark for each bullet point up to a maximum of 3 marks:
- Authenticating users and/or devices and providing permission for them to access the network
- Authorising users and/or devices for specific services on the network
- Accounting for usage of network services

c) Explain how a RADIUS authentication server is used in the IEEE 802.1X authentication process. (4 marks)
Award 1 mark for each bullet point up to a maximum of 4 marks:
- The authenticator (access point) transmits EAP-Request/Identity frames
- The supplicant (client) listens and responds with an EAP-Response/Identity frame containing an identifier, e.g. a user ID
- The authenticator then encapsulates this in a RADIUS Access-Request packet and sends it to the authentication server
- The authentication server replies to the authenticator with an EAP-Request specifying the EAP method, and the authenticator transmits this to the supplicant

Total: 10
Question 9

a) State THREE (3) steps to follow in configuring a static packet filter on a company network. (3 marks)
Award 1 mark for each bullet point up to a maximum of 3 marks:
- Decide what traffic to permit and what traffic to block; this is determined by the nature of the business and an assessment of the security risks
- Define this as a set of rules that allow and block that traffic
- Translate these rules into a language that the router or other device understands, which may be vendor specific

b) Identify SEVEN (7) types of information that should be included in an access control list for each rule in a static packet filter. (7 marks)
Award 1 mark for each point up to a maximum of 7 marks:
- Source IP address: the IP address of the sender
- Source port: the port used to send the traffic
- Destination IP address: the IP address of the receiver
- Destination port: the port used to receive the traffic
- Action: block/allow
- Comments: allow a brief text explanation
- Protocol: any specific protocol to allow or block

Total: 10
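The three steps in Question 9(a) and the seven ACL fields in 9(b) can be put together in one small program. The following Python is an added example, not part of the marking scheme or any vendor's product: `Rule` carries exactly the seven fields from the answer key, `filter_packet` applies the rules in order with first-match-wins and an implicit default deny, and `to_iptables` shows the third step (translating a rule into one device's vendor-specific syntax, Linux iptables here). The ACL, the addresses (documentation ranges 203.0.113.0/24 and 192.0.2.0/24) and the packets are constructed for the example.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One access control list entry with the seven fields named in the answer key."""
    source: str                      # CIDR block, single address, or "any"
    source_port: Optional[int]       # None means any port
    destination: str
    destination_port: Optional[int]
    protocol: Optional[str]          # "tcp", "udp", "icmp", or None for any protocol
    action: str                      # "allow" or "block"
    comment: str                     # brief text explanation of the rule


@dataclass(frozen=True)
class Packet:
    """The header fields of one packet that the filter looks at."""
    src: str
    sport: int
    dst: str
    dport: int
    protocol: str


def _address_matches(pattern: str, address: str) -> bool:
    return pattern == "any" or ip_address(address) in ip_network(pattern, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only if every one of its fields matches the packet header."""
    return (
        _address_matches(rule.source, pkt.src)
        and (rule.source_port is None or rule.source_port == pkt.sport)
        and _address_matches(rule.destination, pkt.dst)
        and (rule.destination_port is None or rule.destination_port == pkt.dport)
        and (rule.protocol is None or rule.protocol == pkt.protocol)
    )


def filter_packet(rules: list[Rule], pkt: Packet) -> tuple[str, str]:
    """Static filter: the first matching rule wins; anything unmatched is blocked."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.comment
    return "block", "implicit default deny"


def to_iptables(rule: Rule, chain: str = "FORWARD") -> str:
    """Translate one rule into Linux iptables syntax (the vendor-specific step)."""
    parts = ["iptables", "-A", chain]
    if rule.protocol:
        parts += ["-p", rule.protocol]
    if rule.source != "any":
        parts += ["-s", rule.source]
    if rule.protocol in ("tcp", "udp") and rule.source_port is not None:
        parts += ["--sport", str(rule.source_port)]
    if rule.destination != "any":
        parts += ["-d", rule.destination]
    if rule.protocol in ("tcp", "udp") and rule.destination_port is not None:
        parts += ["--dport", str(rule.destination_port)]
    parts += ["-m", "comment", "--comment", f'"{rule.comment}"']
    parts += ["-j", "ACCEPT" if rule.action == "allow" else "DROP"]
    return " ".join(parts)


# Constructed sample ACL (assumed values): a public web server at 203.0.113.10,
# administered over SSH only from the office network 192.0.2.0/24.
RULES = [
    Rule("any", None, "203.0.113.10", 80, "tcp", "allow", "public HTTP to web server"),
    Rule("any", None, "203.0.113.10", 443, "tcp", "allow", "public HTTPS to web server"),
    Rule("192.0.2.0/24", None, "203.0.113.10", 22, "tcp", "allow", "admin SSH from office"),
    Rule("any", None, "any", None, None, "block", "block everything else"),
]

if __name__ == "__main__":
    for pkt in (
        Packet("198.51.100.7", 51000, "203.0.113.10", 443, "tcp"),   # public HTTPS
        Packet("198.51.100.7", 51001, "203.0.113.10", 22, "tcp"),    # SSH from the Internet
        Packet("192.0.2.15", 40000, "203.0.113.10", 22, "tcp"),      # SSH from the office
    ):
        print(pkt, "->", filter_packet(RULES, pkt))
    print("\n".join(to_iptables(r) for r in RULES))
```

The explicit final "block everything else" rule and the implicit default deny in `filter_packet` say the same thing; keeping both is deliberate, because an ACL that is only safe by virtue of an implicit default is easy to break when someone appends a rule later.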
Question 10

a) Describe a typical user authentication process that uses a password for authentication. (4 marks)
Award 1 mark for each bullet point up to a maximum of 4 marks:
- The user supplies a username and password to the system
- The system looks up the username in the relevant database table
- The system checks that the username, password pair exists
- The system provides system access to the user, usually via some form of token or session variable

b) Why is it important that users are not allowed to create their own passwords without ensuring that the password they create is strong? (2 marks)
Award 1 mark for each bullet point up to a maximum of 2 marks:
- Users tend to pick weak passwords if allowed; "password" is a typical example
- Weak passwords are very easy to crack via dictionary attack

c) Describe TWO (2) methods that are commonly used to ensure that users have strong passwords. (2 marks)
Award 1 mark for each bullet point up to a maximum of 2 marks:
- Ensuring that a set of rules is attached to password creation that ensures the password is strong, e.g. it must be at least 8 characters long, cannot include the user name, and must have a combination of upper-case letters, lower-case letters, numbers and special characters
- The system creates its own passwords and sends them to the user

d) State TWO (2) potential security problems with complex passwords. (2 marks)
Award 1 mark for each bullet point up to a maximum of 2 marks:
- Users find it difficult to remember the password
- They therefore write it down and typically store it near their computer, which proves to be a great security risk

Total: 10

End of Examination Paper
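The password process in Question 10(a) and the two strengthening methods in 10(c) fit in one short Python program. It is an added example rather than part of the marking scheme: `check_policy` encodes exactly the rules listed in the answer key (length, no user name, mixed character classes), `generate_password` is the "system creates its own passwords" method, and `register`/`authenticate` are the four-step process with two details the answer key leaves implicit and that a practitioner would expect: passwords are stored as salted PBKDF2 hashes rather than compared as a stored pair, and an unknown username still costs one hash computation so that timing does not reveal which usernames exist. The user store, the iteration count and the sample credentials are constructed for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
import string
from typing import Optional

# PBKDF2 iteration count: deliberately modest so the example runs quickly;
# a production system should use current guidance for the chosen hash.
ITERATIONS = 100_000
DUMMY_SALT = os.urandom(16)


def check_policy(password: str, username: str) -> list[str]:
    """Return the rules from the answer key that the password breaks (empty list = strong)."""
    problems = []
    if len(password) < 8:
        problems.append("must be at least 8 characters long")
    if username and username.lower() in password.lower():
        problems.append("must not contain the user name")
    if not any(c.isupper() for c in password):
        problems.append("must contain an upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("must contain a lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("must contain a number")
    if not any(not c.isalnum() for c in password):
        problems.append("must contain a special character")
    return problems


def generate_password(length: int = 12) -> str:
    """System-generated password that satisfies the policy (the second method in 10(c))."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_policy(candidate, ""):
            return candidate


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Hash of a placeholder, used to spend the same time on unknown usernames.
DUMMY_DIGEST = hash_password("placeholder-not-a-real-password", DUMMY_SALT)


def register(store: dict, username: str, password: str) -> None:
    """Enforce the policy at creation time, then store (salt, hash) for the user."""
    problems = check_policy(password, username)
    if problems:
        raise ValueError("weak password: " + "; ".join(problems))
    salt = os.urandom(16)
    store[username] = (salt, hash_password(password, salt))


def authenticate(store: dict, username: str, password: str) -> Optional[str]:
    """Steps 1-4 of 10(a): look the user up, check the pair, hand back a session token."""
    salt, stored = store.get(username, (DUMMY_SALT, DUMMY_DIGEST))
    candidate = hash_password(password, salt)       # computed even for unknown users
    if username in store and hmac.compare_digest(candidate, stored):
        return secrets.token_urlsafe(32)            # the token / session variable
    return None


if __name__ == "__main__":
    users: dict = {}
    register(users, "alice", "Corr3ct-Horse")
    print("login ok:", authenticate(users, "alice", "Corr3ct-Horse") is not None)
    print("wrong password:", authenticate(users, "alice", "password"))
    print("policy on 'password':", check_policy("password", "bob"))
    print("generated:", generate_password())
```

`hmac.compare_digest` compares the two hashes in constant time; a plain `==` on the digests would leak, through timing, how many leading bytes matched.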
Learning Outcomes matrix

Question | Learning Outcomes assessed | Marker can differentiate between varying levels of achievement
---------|----------------------------|---------------------------------------------------------------
1        | 1                          | Yes
2        | 2                          | Yes
3        | 3                          | Yes
4        | 3, 4                       | Yes
5        | 5, 6                       | Yes
6        | 7                          | Yes
7        | 8                          | Yes
8        | 9                          | Yes
9        | 7                          | Yes
10       | 5                          | Yes
Grade descriptors

Learning Outcome | Pass | Merit | Distinction
-----------------|------|-------|------------
Understand the most common types of cryptographic algorithm | Demonstrate adequate understanding of common types of cryptographic algorithm | Demonstrate robust understanding of common types of cryptographic algorithm | Demonstrate highly comprehensive understanding of common types of cryptographic algorithm
Understand the Public-key Infrastructure | Demonstrate adequate level of understanding | Demonstrate robust level of understanding | Demonstrate highly comprehensive level of understanding
Understand security protocols for protecting data on networks | Demonstrate adequate understanding of security protocols | Demonstrate robust understanding of security protocols | Demonstrate highly comprehensive understanding of security protocols
Be able to digitally sign emails and files | Demonstrate ability to perform the task | Demonstrate ability to perform the task consistently well | Demonstrate ability to perform the task to the highest standard
Understand Vulnerability Assessments and the weakness of using passwords for authentication | Demonstrate adequate level of understanding | Demonstrate robust level of understanding | Demonstrate highly comprehensive level of understanding
Be able to perform simple vulnerability assessments and password audits | Demonstrate ability to perform the task | Demonstrate ability to perform the task consistently well | Demonstrate ability to perform the task to the highest standard
Be able to configure simple firewall architectures | Demonstrate adequate level of understanding and ability | Demonstrate robust level of understanding and ability | Demonstrate highly comprehensive level of understanding and ability
Understand Virtual Private Networks | Demonstrate adequate level of understanding | Demonstrate robust level of understanding | Demonstrate highly comprehensive level of understanding
Be able to deploy wireless security algorithm | Demonstrate ability to perform the task | Demonstrate ability to perform the task consistently well | Demonstrate ability to perform the task to the highest standard